Deny access to site in development, locally and remote

Posted: Wed Jul 15, 2009 8:42 am
by matthijs
After developing a site locally, the next stage is putting it on the real server but only allowing access to myself or a limited number of people. Using htaccess seems like a convenient thing to do that.

However, what is the correct way to do that if I want to use the same htaccess file locally as well as on the remote server? The reason I'd like to use the same file is to be able to update all files/synchronize all files without having to think about which file to update and which not.

Something like this?

# deny all except those indicated here
<Limit GET POST PUT>
 order deny,allow
 deny from all
 allow from 127.0.0.1
 allow from localhost
 allow from 12.345.678.987
</Limit>
In which I put my real IP in place of 12.345.678.987.

Re: Deny access to site in development, locally and remote

Posted: Thu Jul 16, 2009 10:34 am
by Maugrim_The_Reaper
Have you ruled out http digest authentication on the public server? Easy to configure, manage and remove for a small group of people. If it's really sensitive stuff, then limit by IP (just watch out for anyone without a static IP from their ISP). Kind of depends who the people are - internal folk or other parties.

Re: Deny access to site in development, locally and remote

Posted: Thu Jul 16, 2009 10:51 am
by matthijs
Maugrim_The_Reaper wrote: Have you ruled out http digest authentication on the public server? Easy to configure, manage and remove for a small group of people. If it's really sensitive stuff, then limit by IP (just watch out for anyone without a static IP from their ISP). Kind of depends who the people are - internal folk or other parties.
Never heard of digest authentication, will have to look it up.

Mostly I will use this only to give access to myself. Maybe in some cases also a client (one or a few people)

Re: Deny access to site in development, locally and remote

Posted: Thu Jul 16, 2009 11:46 am
by Maugrim_The_Reaper
It's like HTTP Authentication: Basic Access - only the passwords are sent hashed. I should have used the full proper name (see mod_auth_digest for Apache). Easy to set up and configure within a Location or VirtualHost section of Apache's conf without storing the passwords within the app directory tree.
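
Added example (not posted by anyone in this thread): one configuration that works unchanged on the local machine and on the remote server by letting listed addresses in without a prompt and asking everyone else for a digest login. The realm name "staging", the path /etc/apache2/staging.htdigest, the user "alice" and the address 203.0.113.10 are placeholders chosen for illustration.

```apache
# Create the user file outside the document root; the realm given here
# must match AuthName below:
#   htdigest -c /etc/apache2/staging.htdigest staging alice
#
# Requires mod_auth_digest. From .htaccess it also needs
# AllowOverride AuthConfig (plus Limit for the Apache 2.2 form).
#
# No <Limit> wrapper: rules inside <Limit GET POST PUT> apply only to
# those methods, so any other method would not be checked at all.

AuthType Digest
AuthName "staging"
AuthDigestProvider file
AuthUserFile /etc/apache2/staging.htdigest

# Apache 2.4: the request is allowed if ANY one of these matches.
<RequireAny>
    # Requests from the machine itself (local development)
    Require local
    # A fixed, trusted address (placeholder)
    Require ip 203.0.113.10
    # Everyone else must log in with a digest account
    Require valid-user
</RequireAny>

# Apache 2.2 equivalent, in the syntax used in the first post:
#   Order deny,allow
#   Deny from all
#   Allow from 127.0.0.1 ::1 203.0.113.10
#   Require valid-user
#   Satisfy Any
```

Digest authentication hashes the credentials with MD5, so the staging site should still be served over HTTPS.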